Bypassing VPN for some ports (bis)
http://tomatousb.org/forum/t-1099868/bypassing-vpn-for-some-ports-bis
Posts in the discussion thread "Bypassing VPN for some ports (bis)" - I need to have a few in/out ports bypassing my tomato router OpenVPN so that some of my server functionalities are accessible directly through the address given to me by my ISP.
Sun, 15 Sep 2019 09:50:06 +0000

Re: Bypassing VPN for some ports (bis)
http://tomatousb.org/forum/t-1099868/bypassing-vpn-for-some-ports-bis#post-2227891
Sun, 08 Feb 2015 09:16:23 +0000 jedufa 2060622
…still working on my issue…

What if I were to 1) have all the traffic go through my VPN, 2) then bypass the VPN for the address 192.168.254.15 (my server), 3) then force all communications on port 6881 (torrent) into the VPN, in this order?

I mean, if I were to only implement (1) and (2), then I would directly connect my server to my modem instead of to my tomato router. But as my server also downloads torrents, a type of traffic I would prefer to go through my VPN, I thought that adding a port 6881 redirect for all machines could do the trick:

I guess I could get used to living with this setup. My testing shows that yes, I can reach my server through my normal (non-VPN) WAN address. Problem is, I don't know how to test this routing table to verify that my traffic on port 6881 is actually going through the VPN…

So I am moving slightly forward, but there is no firm solution yet.

Can anyone chip in?

Thanks, JF

PS: In case you need the whole script, I omitted it because I thought it was not too relevant. Basically, MARK 0 goes through the VPN, MARK 1 bypasses the VPN.
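
The three-step ordering proposed in the post above can be checked on paper before touching the router. The following is an added example, not part of the original post and not the poster's omitted script: it assumes the rules are iptables MARK rules that match on LAN source address and TCP destination port, and the sample packets and the host 192.168.254.101 are constructed.

```python
from ipaddress import ip_address, ip_network

VPN, BYPASS = 0, 1  # the post's convention: MARK 0 = through VPN, MARK 1 = bypass

# Assumed rules, in the order proposed in the post: (label, source net, TCP dport, mark)
RULES = [
    ("1) everything into the VPN", "0.0.0.0/0", None, VPN),
    ("2) server bypasses the VPN", "192.168.254.15/32", None, BYPASS),
    ("3) port 6881 back into the VPN", "0.0.0.0/0", 6881, VPN),
]

def final_mark(pkt, rules=RULES):
    """Return (mark, label of deciding rule). MARK is a non-terminating
    target, so every rule is evaluated and the last match wins."""
    mark, decided_by = VPN, None  # an unmarked packet carries mark 0
    for label, src_net, dport, rule_mark in rules:
        src_ok = ip_address(pkt["src"]) in ip_network(src_net)
        port_ok = dport is None or pkt["dport"] == dport
        if src_ok and port_ok:
            mark, decided_by = rule_mark, label
    return mark, decided_by

# Constructed sample packets as they enter the router from the LAN.
SAMPLES = {
    "server web reply (sport 80)": {"src": "192.168.254.15", "dport": 51000},
    "server torrent, peer on 6881": {"src": "192.168.254.15", "dport": 6881},
    "server torrent, peer on 51413": {"src": "192.168.254.15", "dport": 51413},
    "other LAN host, HTTPS": {"src": "192.168.254.101", "dport": 443},
}

def report(rules=RULES):
    """Map each sample name to 'VPN' or 'BYPASS' under the given rule order."""
    return {name: ("VPN", "BYPASS")[final_mark(pkt, rules)[0]]
            for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, path in report().items():
        print(f"{name:32} -> {path}")
    # Swapping rules 2 and 3 shows why the order in the post matters.
    swapped = [RULES[0], RULES[2], RULES[1]]
    print("swapped order:", report(swapped)["server torrent, peer on 6881"])
```

In this model a connection from the server to a peer listening on any port other than 6881 keeps MARK 1 and leaves outside the VPN, which a destination-port rule alone does not catch. On the router itself, the per-rule packet counters printed by `iptables -t mangle -L -v -n` show whether the port 6881 rule is matching live traffic.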

Re: Bypassing VPN for some ports (bis)
http://tomatousb.org/forum/t-1099868/bypassing-vpn-for-some-ports-bis#post-2227513
Sat, 07 Feb 2015 20:17:47 +0000 jedufa 2060622
Anyone? I could really use some help :-(

Bypassing VPN for some ports (bis) - just a quick fix i hope!
http://tomatousb.org/forum/t-1099868/bypassing-vpn-for-some-ports-bis#post-2226335
Fri, 06 Feb 2015 14:30:01 +0000 jedufa 2060622
Far be it from me to re-open a topic that might have been covered in past threads… but I have been searching the web for 3 days to solve the issue with my config.

Problem:

I need to have a few in/out ports bypassing my tomato router OpenVPN so that some of my server functionalities are accessible directly through the address given to me by my ISP.

My setup:

A modem from my ISP with the address WAN_IP. Internally, IP address set to xxx.xxx.255.2. DMZ set towards xxx.xxx.255.3.
A tomato router connected to my modem (on vlan2). Internally, IP address set to xxx.xxx.255.3 (on br0). A bridge br1 set up with IP xxx.xxx.254.2.
A local server xxx.xxx.254.15 (as well as x other devices on the intranet) connected to my tomato router. Intranet addresses on xxx.xxx.254.100-254.
For temporary simplification, I also have a DMZ in my tomato router set for my server xxx.xxx.254.15.
Tomato router has an OpenVPN client connection with a VPN provider. All traffic is routed there at the moment.
For the sake of completeness, my eth1 and eth2 are for my 2 wireless networks (and not involved here).

All that works out-of-the-box.

But now I want to access my server (xxx.xxx.254.15) on port e.g. 80 directly by using my ISP-given WAN_IP (e.g. yy.yy.108.71), through my modem and then through my tomato router. This works when the VPN client is OFF. When ON, it does not, as expected. How should I change my Firewall script and WAN Up script (and VPN config) to allow me to do this?

What I tried:

As I have mentioned, I tried the solutions found on the web (e.g. openvpn-bypass-on-some-ports, openvpn-client-on-tomato-to-a-server-how-to-bypass-some-ip, ). But nothing worked for me, probably because I did not know how to tailor those parameters to my setup. I was also confused as to what IP I should use for the routes, e.g. my WAN_IP (given by ISP) or my Modem IP (xxx.xxx.255.2).

found on a post called "Route only specific ports through VPN (openvpn)" (sorry, the site does not let me copy links yet). While it works, it is only for ports of EVERY machine in my intranet, not only on my server's ip 254.15.